| VID |
22753 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
According to its self-reported version number, the Apache Tomcat service running on the remote host is version 8.5.x prior to 8.5.5. It is, therefore, affected by multiple vulnerabilities :
- An information disclosure vulnerability exists due to a failure to process passwords when paired with a non-existent username. An unauthenticated, remote attacker can exploit this, via a timing attack, to enumerate user account names. (CVE-2016-0762)
- A security bypass vulnerability exists that allows a local attacker to bypass a configured SecurityManager via a utility method that is accessible to web applications. (CVE-2016-5018)
- An information disclosure vulnerability exists in the SecurityManager component due to a failure to properly restrict access to system properties for the configuration files system property replacement feature. An attacker can exploit this, via a specially crafted web application, to bypass SecurityManager restrictions and disclose system properties. (CVE-2016-6794)
- A security bypass vulnerability exists that allows a local attacker to bypass a configured SecurityManager by changing the configuration parameters for a JSP servlet. (CVE-2016-6796)
- A security bypass vulnerability exists due to a failure to limit web application access to global JNDI resources. A local attacker can exploit this to gain unauthorized access to resources. (CVE-2016-6797)
* Note: This check solely relied on the version number of the remote Web server to assess this vulnerability, so this might be a false positive.
* References:
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37
* Platforms Affected:
Apache Tomcat Server versions prior to 8.5.5
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of Apache Tomcat Server (8.5.5 or later), available from the Apache Software Foundation download site, http://tomcat.apache.org/ |
| Related URL |
CVE-2016-0762,CVE-2016-5018,CVE-2016-6794,CVE-2016-6796,CVE-2016-6797 (CVE) |
| Related URL |
93939,93940,93942,93943,93944 (SecurityFocus) |
| Related URL |
(ISS) |
|
